In which way doesn't it work? Are you prohibited from viewing the files after logging in or can you see the files even if you haven't authenticated?
-Carl Rosaria Silipo wrote: > Hi, > > I am trying to set up Tomcat as a secure web engine. > From the tutorial I understood that you should insert the following > lines in web.xml and the password protection should work. > > This works perfectly for files in the root directory (/*), it does not > work for files in subdirectories, like /secure/*. > > Have you have ever seen this problem before? > > Thanks for any help > > -- Rosaria > > <!DOCTYPE web-app > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" > "http://java.sun.com/dtd/web-app_2_3.dtd";> > > <web-app> > ... > > <!-- SECURITY CONSTRAINT --> > <security-constraint> > <web-resource-collection> > <web-resource-name>Secure Pages</web-resource-name> > <description>Security constraint on all files</description> > <url-pattern>/*</url-pattern> > <url-pattern>/secure/*</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > </web-resource-collection> > > <auth-constraint> > <description>admin can login</description> > <role-name>admin</role-name> > </auth-constraint> > > <user-data-constraint> > <description>SSL not required</description> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > <session-config> > <session-timeout>30</session-timeout> > </session-config> > > <!-- LOGIN AUTHENTICATION --> > > <login-config> > <auth-method>FORM</auth-method> > <realm-name>default</realm-name> > <form-login-config> > <form-login-page>/LoginForm.html</form-login-page> > <form-error-page>/LoginError.html</form-error-page> > </form-login-config> > > </login-config> > > <!-- SECURITY ROLES --> > > <security-role> > <description>The most secure role</description> > <role-name>admin</role-name> > </security-role> > > </web-app> > > -- Rosaria > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
